﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web;

namespace Common
{
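    /// <summary>
    /// Request-URL keyword filter used as a crude injection/XSS guard.
    /// </summary>
    /// <remarks>
    /// This is a blacklist: it strips a fixed set of characters and keywords
    /// from the request URL and redirects to the stripped URL. A blacklist is
    /// not a substitute for parameterized SQL queries and context-aware output
    /// encoding, and it damages legitimate URLs (see <see cref="FilterUrl"/>).
    /// Those primary defenses must stay in place regardless of this class.
    /// </remarks>
    public static class URLNOSQL
    {
        /// <summary>
        /// Substrings removed from the lower-cased URL, in the order the
        /// original implementation applied them. Order matters: each removal
        /// runs over the whole string, so an earlier removal can expose a later
        /// token. The original list also contained "ilayer" after "layer"; it
        /// could never match once "layer" had been removed, so it is omitted.
        /// </summary>
        private static readonly string[] BlockedTokens =
        {
            "<", ">", "|", "\"", "'", "%", ";", "(", ")", "+",
            "script", "alert", "select", "update", "insert", "like",
            "applet", "body", "embed", "frame", "html", "iframe", "img",
            "style", "layer", "link", "meta", "object",
        };

        /// <summary>
        /// Filters the current request URL with <see cref="FilterUrl"/> and,
        /// when the request carried form or query-string data and the URL was
        /// altered by the filter, redirects the client to the filtered URL.
        /// </summary>
        /// <param name="Request">The current request; its <c>Url</c>, <c>Form</c> and <c>QueryString</c> are read.</param>
        /// <param name="Response">The current response; <c>Redirect</c> is issued on it when the URL was altered.</param>
        /// <exception cref="ArgumentNullException"><paramref name="Request"/> or <paramref name="Response"/> is null.</exception>
        /// <remarks>
        /// Only the URL is inspected. Form field values are never passed through
        /// the filter, even though the presence of form data is one of the
        /// triggers for the check.
        /// </remarks>
        public static void CheckedURL(HttpRequest Request, HttpResponse Response)
        {
            if (Request == null)
            {
                throw new ArgumentNullException("Request");
            }
            if (Response == null)
            {
                throw new ArgumentNullException("Response");
            }

            // The original code ran the same URL check twice (once gated on
            // Form.Count, once on QueryString.Count) and could therefore call
            // Redirect twice for one request; a second Redirect after the first
            // can never be meaningful, so the two gates are merged.
            if (Request.Form.Count == 0 && Request.QueryString.Count == 0)
            {
                return;
            }

            string url = Request.Url.ToString();
            string filterUrl = FilterUrl(url);
            if (!string.Equals(url, filterUrl, StringComparison.Ordinal))
            {
                // NOTE(review): the redirect target is derived from Request.Url,
                // i.e. from the incoming request (including its host part), so it
                // is client-influenced; confirm the host is validated upstream or
                // redirect to the path-and-query portion only.
                Response.Redirect(filterUrl);
            }
        }

        /// <summary>
        /// Returns <paramref name="url"/> lower-cased with every token in
        /// <see cref="BlockedTokens"/> removed, repeated until no token remains.
        /// Null or empty input is returned unchanged.
        /// </summary>
        /// <param name="url">The URL (or any string) to filter.</param>
        /// <returns>The filtered string; null only when the input is null.</returns>
        /// <remarks>
        /// Known effects of this blacklist on legitimate URLs: the whole string
        /// is lower-cased (case-sensitive paths and query values are altered),
        /// '%' removal breaks percent-encoding, and plain words such as "html",
        /// "link", "body" or "style" are stripped wherever they occur, including
        /// inside file names. Because the result is fed back into a redirect,
        /// every such change is user-visible.
        /// </remarks>
        public static string FilterUrl(string url)
        {
            if (string.IsNullOrEmpty(url))
            {
                return url;
            }

            // Invariant lower-casing: the culture-sensitive ToLower() used
            // originally maps some letters differently under certain cultures,
            // which would stop the ordinal token match below from firing.
            string current = url.ToLowerInvariant();

            // A single pass is not idempotent: removing one token can join the
            // text on either side of it into another listed token. Repeat until
            // the string stops changing so the result is a fixed point of the
            // filter. The string only ever shrinks, so the loop terminates.
            string previous;
            do
            {
                previous = current;
                foreach (string token in BlockedTokens)
                {
                    current = current.Replace(token, "");
                }
            }
            while (!string.Equals(current, previous, StringComparison.Ordinal));

            return current;
        }
    }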
}